Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 678182 - dev-perl/IO-Socket-SSL-2.60 version bump
Summary: dev-perl/IO-Socket-SSL-2.60 version bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Perl team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-16 22:59 UTC by Reuben Farrelly
Modified: 2019-07-12 19:40 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Reuben Farrelly 2019-02-16 22:59:43 UTC 
This build hasn't been bumped for quite a while.  There is a new version available - 2.060:

https://metacpan.org/changes/distribution/IO-Socket-SSL

This includes many new features such as an initial implementation of TLS 1.3 and SNI.

I have renamed the existing ebuild and adjusted DIST_VERSION in the new ebuild and can confirm that version 2.60 builds without any further modifications.
Comment 1 Reuben Farrelly 2019-03-02 07:48:01 UTC 
IO-Socket-SSL version 2.063 is now out.  Confirmed this version also works with the existing ebuild when only the version numbers are incremented (no other changes to the ebuild required except the version numbers).

2.063
- support for both RSA and ECDSA certificate on same domain
- update PublicSuffix
- Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but
  then linked against another API-incompatible version (ie. more than just the
  patchlevel differs).
2.062
- Enable X509_V_FLAG_PARTIAL_CHAIN if supported by Net::SSLeay (1.83+) and
  OpenSSL (1.1.0+). This makes leaf certificates or intermediate certificates in
  the trust store be usable as full trust anchors too.
2.061
- Support for TLS 1.3 session reuse. Needs Net::SSLeay 1.86+.
  Note that the previous (and undocumented) API for the session cache has been
  changed.
- Support for multiple curves, automatic setting of curves and setting of
  supported curves in client. Needs Net::SSLeay 1.86+.
- Enable Post-Handshake-Authentication (TLSv1.3 feature) client-side when
  client certificates are provided. Thanks to jorton[AT]redhat[DOT]com.
  Needs Net::SSLeay 1.86+.
2.060 2018/09/16
- support for TLS 1.3 with OpenSSL 1.1.1 (needs Net::SSLeay 1.86+)
  Thanks to ppisar[AT]redhat.com for major help
  see also https://rt.cpan.org/Ticket/Display.html?id=126899
  TLS 1.3 support is not complete yet for session reuse
Comment 2 Larry the Git Cow gentoo-dev 2019-07-12 19:40:22 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17c1b24ed64bdd0b93dfa7abad119e3e7faa2906

commit 17c1b24ed64bdd0b93dfa7abad119e3e7faa2906
Author:     Kent Fredric <kentnl@gentoo.org>
AuthorDate: 2019-07-12 19:39:24 +0000
Commit:     Kent Fredric <kentnl@gentoo.org>
CommitDate: 2019-07-12 19:40:05 +0000

    dev-perl/IO-Socket-SSL: Bump to version 2.66.0 re bug #678182
    
    Upstream:
    - Prefer AES for server side cipher default (performance)
    - Make fingerprint algo optional, based on fingerprint length
    - use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2)
    - Update fingerprints in live tests
    - Support dual RSA and ECDSA certificates on the same domain
    - Update PublicSuffix
    - Fail compilation when Net::SSLeay has cross-version API-incompatible
       OpenSSL linking
    - Enable X509_V_FLAG_PARTIAL_CHAIN if supported (Net::SSLeay 1.83+,
       OpenSSL 1.1.0+ )
    - Support multiple/automatic/custom curves (Net::SSLeay 1.86+)
    - Enable Post-Handshake-Auth client-side when client certs are
      provided (TLS1.3, Net::SSLeay 1.86+)
    - Support for TLS 1.3 (OpenSSL 1.1.1, Net::SSLeay 1.86+)
    - Fix memory leak when CRL are used
    - Fix memory leak w/ stop_SSL and threads, non-blocking sockets, or
      timeout
    - Fix various test failures w/ newer OpenSSL
    - Fix redefine warnings when Socket6 is installed w/o
      IO::Socket::{IP,INET6}
    - Add optional 'serial' argument to IO::Socket::SSL::Intercept
    - Add function get_session_reused to detect session reuse.
    - Fix fingerprint_xxx value reported by IO::Socket::SSL::Utils::Cert_asHash
    - Fix creation of serial number in IO::Socket::SSL::Intercept
    - Fix tests failing w/o IPv6 support
    - Use SNI if hostname is given in ALL CAPS
    - Don't add authority key for issuer in Utils::CERT_create
    - Add missing certificates to dist/manifest
    - Don't check for OCSP if SSL_fingerprint is used and matches
    
    Keywords:
    - Due to addition of Mozilla-CA as a dep, the following keywords are
      dropped:
        amd64-{fbsd,linux} arm{,64} hppa ia64 m68k{,-mint} mips
        ppc-{aix,macos} riscv s390 sh sparc sparc{,64}-solaris x64-cygwin
        {x86,x64}-{macos,solaris} x86-{fbsd,linux}
    
    Bug: https://bugs.gentoo.org/682224
    Closes: https://bugs.gentoo.org/678182
    Package-Manager: Portage-2.3.66, Repoman-2.3.16
    Signed-off-by: Kent Fredric <kentnl@gentoo.org>

 dev-perl/IO-Socket-SSL/IO-Socket-SSL-2.66.0.ebuild | 31 ++++++++++++++++++++++
 dev-perl/IO-Socket-SSL/Manifest                    |  1 +
 2 files changed, 32 insertions(+)